SunBlock: Cloudless Protection for IoT Systems
Vadim Safronov, Anna Maria Mandalari, Daniel J. Dubois, David Choffnes, Hamed Haddadi
TL;DR
SunBlock tackles IoT security and privacy risks by delivering cloudless threat detection on a home router. It combines a rule-based filtering engine (Snort3 NFQ IPS) with an ARM-enabled AI anomaly detector (OCSVM ported via netml in a Docker container), with both components running entirely locally. In a realistic 10-device IoT testbed with threat emulation, SunBlock achieves broader threat coverage than popular cloud-based protections while imposing modest edge overhead and preserving normal IoT functionality. This cloudless, edge-based approach reduces privacy exposure and latency, offering a practical path to private, resilient home IoT security.
Abstract
With an increasing number of Internet of Things (IoT) devices present in homes, there is a rise in the number of potential information leakage channels and their associated security threats and privacy risks. Despite a long history of attacks on IoT devices in unprotected home networks, the problem of accurate, rapid detection and prevention of such attacks remains open. Many existing IoT protection solutions are cloud-based, sometimes ineffective, and might share consumer data with unknown third parties. This paper investigates the potential for effective IoT threat detection locally, on a home router, using AI tools combined with classic rule-based traffic-filtering algorithms. Our results show that, with a slight increase in router hardware resource usage caused by machine learning and traffic filtering logic, a typical home router instrumented with our solution is able to effectively detect risks and protect a typical home IoT network, equaling or outperforming existing popular solutions, without any effects on benign IoT functionality, and without relying on cloud services and third parties.
